Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses

Filter by:

With package: pangolin

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-3209

6.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 4 weeks ago Activity log

Created suggestion 1 month, 4 weeks ago

fosrl Pangolin Role verifyApiKeyRoleAccess access control

A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.4-s.4 mitigates this issue. The identifier of the patch is 5e37c4e85fae68e756be5019a28ca903b161fdd5. Upgrading the affected component is advised.

References

VDB-347796 | fosrl Pangolin Role verifyApiKeyRoleAccess access control vdb-entrytechnical-description
VDB-347796 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #765676 | Pangolin <=1.15.4 Improper Access Controls third-party-advisory
https://gist.github.com/henrrrychau/0457bef6776d0c99688f9cf55cdf55f7 exploit
https://github.com/fosrl/pangolin/pull/2511 issue-trackingpatch
https://github.com/fosrl/pangolin/commit/5e37c4e85fae68e756be5019a28ca903b161fd… patch
https://github.com/fosrl/pangolin/releases/tag/1.15.4-s.4 patch
https://github.com/fosrl/pangolin/ product

Affected products

Pangolin

==1.15.4-s.2
==1.15.4-s.0
==1.15.4-s.1
==1.15.4-s.3
==1.15.4-s.4

Matching in nixpkgs

pkgs.pangolin

Lightweight portable rapid development library for managing OpenGL display / interaction and abstracting video input

pkgs.pangolin-cli

Pangolin CLI tool and VPN client

nixos-unstable 0.3.3
- nixpkgs-unstable 0.3.3
- nixos-unstable-small 0.3.3

pkgs.fosrl-pangolin

Tunneled reverse proxy server with identity and access control

nixos-unstable 1.15.3
- nixpkgs-unstable 1.15.3
- nixos-unstable-small 1.15.3
nixos-25.11 1.10.3
- nixos-25.11-small 1.10.3
- nixpkgs-25.11-darwin 1.10.3

Package maintainers

@water-sucks Varun Narravula <varun@snare.dev>
@jackrosenberg Jack Rosenberg <nixos@jackr.eu>

1